<?php
/** Zend_Controller_Action */
require_once 'Zend/Controller/Action.php';
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

class Chapter2Controller extends Zend_Controller_Action
{
    public function init() 
    {
        $this->_helper->viewRenderer->setNoRender();
    }
    
    public function indexAction()
    {
        $acl = new Zend_Acl();
        
    // Guest does not inherit access controls
    $roleGuest = new Zend_Acl_Role('guest');
    $acl->addRole($roleGuest);
    
    // Staff inherits from guest
    $acl->addRole(new Zend_Acl_Role('staff'), $roleGuest);
    
    /* alternatively, the above could be written:
    $acl->addRole(new Zend_Acl_Role('staff'), 'guest');
    //*/
    
    // Editor inherits from staff
    $acl->addRole(new Zend_Acl_Role('editor'), 'staff');
    
    // Administrator does not inherit access controls
    $acl->addRole(new Zend_Acl_Role('administrator'));
        
        
        // The new marketing group inherits permissions from staff
        $acl->addRole(new Zend_Acl_Role('marketing'), 'staff');
        
        
        
        
        $acl->add(new Zend_Acl_Resource('newsletter'));           // newsletter
        $acl->add(new Zend_Acl_Resource('news'));                 // news
        $acl->add(new Zend_Acl_Resource('latest'), 'news');       // latest news
        $acl->add(new Zend_Acl_Resource('announcement'), 'news'); // announcement news
        
        
        
        // Marketing must be able to publish and archive newsletters and the latest news
        $acl->allow('marketing', array('newsletter', 'latest'), array('publish', 'archive'));
        
        // Staff (and marketing, by inheritance), are denied permission to revise the latest news
        $acl->deny('staff', 'latest', 'revise');
        
        // Everyone (including administrators) are denied permission to archive news announcements
        $acl->deny(null, 'announcement', 'archive');
        
        
        echo $acl->isAllowed('staff', 'newsletter', 'publish') ?
        "allowed" : "denied"; // denied
        
        echo $acl->isAllowed('marketing', 'newsletter', 'publish') ?
        "allowed" : "denied"; // allowed
        
        echo $acl->isAllowed('staff', 'latest', 'publish') ?
        "allowed" : "denied"; // denied
        
        echo $acl->isAllowed('marketing', 'latest', 'publish') ?
        "allowed" : "denied"; // allowed
        
        echo $acl->isAllowed('marketing', 'latest', 'archive') ?
        "allowed" : "denied"; // allowed
        
        echo $acl->isAllowed('marketing', 'latest', 'revise') ?
        "allowed" : "denied"; // denied
        
        echo $acl->isAllowed('editor', 'announcement', 'archive') ?
        "allowed" : "denied"; // denied
        
        echo $acl->isAllowed('administrator', 'announcement', 'archive') ?
        "allowed" : "denied"; // denied
        
    }
}